PT-2018-8853 · Arm+2 · Mbed Tls+2

Publicado

2015-07-29

Atualizado

2024-06-15

CVE-2018-0487

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions mbed TLS versions prior to 1.3.22 mbed TLS versions prior to 2.1.10 mbed TLS versions prior to 2.7.0

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service due to a buffer overflow. This occurs when a crafted certificate chain is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

Recommendations For versions prior to 1.3.22, update to version 1.3.22 or later. For versions prior to 2.1.10, update to version 2.1.10 or later. For versions prior to 2.7.0, update to version 2.7.0 or later.

Correção

RCE

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2015-1643

ALT-PU-2018-1396

CVE-2018-0487

DSA-4138-1

DSA-4147-1

MGASA-2018-0163

OPENSUSE-SU-2018:0488-1

OPENSUSE-SU-2018:0491-1

OPENSUSE-SU-2024:11043-1

USN-4267-1

Produtos afetados

Alt Linux

Ubuntu

Mbed Tls

PT-2018-8853 · Arm+2 · Mbed Tls+2

CVE-2018-0487

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54